Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

read tickets #132

Closed
wants to merge 1 commit into from
Closed

read tickets #132

wants to merge 1 commit into from

Conversation

graydon
Copy link
Contributor

@graydon graydon commented Jun 23, 2022
edited
Loading

This is a WIP implementation of "read tickets", a mechanism for associating read permissions with objects and enforcing that only context frames granted access to an object can read it. It doesn't currently perform the permission-transfer necessary when handing an object handle from a contract caller to callee, so at the moment it completely isolates objects allocated by frame X from those allocated by frame Y, but I'll finish this up tomorrow to allow such transfers.

I think this is about the cheapest/simplest way to enforce this sort of thing. I sketched a few designs based on frame-local aliases / forwarding proxies and they just wind up messier and using more memory & CPU. Most of the time this just adds ~2 words to every object and does a couple bitmask tests.

  • Ensure that the read ticket mask for every object allocated in an aborted subtransaction is set to "unreadable"
  • Figure out how read tickets relate to debug events -- probably "should ignore them when formatting values for debug strings"

@graydon graydon changed the title wip read tickets Jun 23, 2022
@graydon graydon mentioned this pull request Jul 5, 2022
Closed
39 tasks
leighmcculloch
leighmcculloch reviewed Jul 20, 2022
View reviewed changes
Copy link
Member

@leighmcculloch leighmcculloch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@graydon Was this ready to merge and we forgot to review / merge it?

@jonjove
Copy link
Contributor

jonjove commented Jul 20, 2022

@leighmcculloch my understanding of this PR was that it was a proof-of-concept, but we weren't going to review it until after the current iteration. @graydon correct me if I'm wrong.

@graydon
Copy link
Contributor Author

graydon commented Jul 20, 2022

Yeah this is a "come back to it in next iteration" change. I think it's roughly the right shape (given the ugly problem space) but there's a little care required and it doesn't really block anything just yet.

@graydon graydon mentioned this pull request Mar 13, 2023
Closed
@graydon graydon mentioned this pull request May 2, 2023
Closed
@graydon
Copy link
Contributor Author

graydon commented May 2, 2023

possibly ticket numbers should be "the next free object handle", and we can integrate this work with #681

@anupsdf anupsdf added the Security Security fixes or features label May 30, 2023
@anupsdf
Copy link
Contributor

anupsdf commented Jun 22, 2023

Setting target milestone to Testnet Phase 1 after discussing with @graydon

@graydon graydon mentioned this pull request Jul 5, 2023
Closed
@graydon
Copy link
Contributor Author

graydon commented Jul 5, 2023

Continuing in #930

@graydon graydon closed this Jul 5, 2023
@graydon graydon mentioned this pull request Jul 13, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leighmcculloch leighmcculloch leighmcculloch left review comments

@jonjove jonjove Awaiting requested review from jonjove

Assignees

@graydon graydon

Labels
Security Security fixes or features
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@graydon @jonjove @anupsdf @leighmcculloch